In companies and organizations that use multiple computer applications (sometimes referred to as “apps”) and proprietary data, it is important to carefully control access to such resources. Granting individual employees only the access necessary to carry out their respective roles and responsibilities enhances the company's effectiveness at managing the security of its proprietary applications and data.
According to one known system, a central database is used to store multiple entitlement profiles using the Lightweight Directory Access Protocol (LDAP). Each LDAP profile may comprise an alphanumeric code associated with the users that are permitted to access an entire application or portions of an application. In such a system, however, it can be somewhat cumbersome to manage and modify entitlements for a particular application, particularly when there are multiple users who need different access rights to various groups of components of the application. For example, if an application developer wishes to grant a user access to a unique group of components of an application, the application developer may need to create a new LDAP profile identifying the relevant group of components associated with the user. The application developer would then need to add the user to this newly created LDAP profile in order for the user to gain access to those components. Creating the LDAP profile and adding the new user to it can be time-consuming because the LDAP directory is generally maintained on a different server than the application, and by a different administrator than the application developer. Once the LDAP profile is set in code, and the user's ID is added to the LDAP profile, the application then queries the central LDAP server to determine if the end user has access to the application. The process may take several days to complete due to the need to create a new LDAP profile and to use different systems to grant the appropriate access to the user. The process can be overly time-consuming for an application developer or other administrator needing to frequently grant various users different entitlements to applications. Another disadvantage of LDAP is that many different LDAP profiles may be required to properly secure an application if there are many individuals or groups accessing the application.
It would be advantageous, therefore, to have an entitlement system that allowed for rapid updating of entitlements to an application and components of the application, and that avoided other drawbacks such as the need to maintain many different LDAP profiles.